If unshare_nsproxy_namespaces() successfully creates the new_nsproxy,
but then set_cred_ucounts() fails, on its error path there is no cleanup
for new_nsproxy, so it is leaked. Let's fix that by freeing new_nsproxy
if it's not NULL on this error path.

Fixes: 905ae01c4ae2a ("Add a reference to ucounts for each cred")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 kernel/fork.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 3da0f08615a95..6f7332e3e0c8c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -3133,8 +3133,11 @@ int ksys_unshare(unsigned long unshare_flags)
 
 	if (new_cred) {
 		err = set_cred_ucounts(new_cred);
-		if (err)
+		if (err) {
+			if (new_nsproxy)
+				free_nsproxy(new_nsproxy);
 			goto bad_unshare_cleanup_cred;
+		}
 	}
 
 	if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) {
-- 
2.51.1